Network Connection Constantly Sending and Receiving

Posted by Plasticman on May 11, 2007, 11:55 am
Hi,

I have a client machine that is constantly transmitting and receiving bytes.
In the past day and a half it has sent 32 billion bytes and received 23
billion bytes. I have run Symantec Antivirus full scan with no results. I
have run the latest Microsoft Malicious Software removal tool with no results.
I ran Windows Defender with no results. I did a netstat on the machine and
it has an open port to all of our client machines on our LAN. For some of
the machines 2 or 3 ports. I am going to run a couple of rootkit detectors
as well. Can I close the ports on the one client machine manually? If so
how?

Thanks,

Steve
--
Steve
Systems Administrator
PSI

Posted by S. Pidgorny on May 11, 2007, 7:31 pm
What does that mean - "an open port to all of our client machines"?
Do some captures (with Microsoft Network Monitor or Wireshark) to analyse
what is transmitted, and where to/from.

Use Process Monitor
(http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx)
to identify process responsible. You can close ports by shutting down the
process; alternatively, you can firewall the ports off to prevent
connections.

Maybe you're running a Skype supernode?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


> Hi,
>
> I have a client machine that is constantly transmitting and receiving
> bytes.
> In the past day and a half it has sent 32 billion bytes and received 23
> billion bytes. I have run Symantec Antivirus full scan with no results.
> I
> have run the latest Microsoft Malicious Software removal tool with no
> results.
> I ran Windows Defender with no results. I did a netstat on the machine
> and
> it has an open port to all of our client machines on our LAN. For some of
> the machines 2 or 3 ports. I am going to run a couple of rootkit
> detectors
> as well. Can I close the ports on the one client machine manually? If so
> how?
>
> Thanks,
>
> Steve
> --
> Steve
> Systems Administrator
> PSI



Posted by Zoned on May 12, 2007, 1:07 pm
> Hi,
> ....... I am going to run a couple of rootkit detectors
> as well. Can I close the ports on the one client machine manually? If so
> how?
>
> Thanks,
>
> Steve
> --
> Steve
> Systems Administrator
> PSI

There are loads of rootkit scanners on www.antirootkit.com/software/index.htm
Try a few of the ones in bold. Some seem to be better at finding
certain rootkits while others may find one but can't remove it,
good luck,
Z


Posted by fiftysixkilo@gmail.com on May 13, 2007, 11:57 am
> Hi,
>
> I have a client machine that is constantly transmitting and receiving bytes.
> In the past day and a half it has sent 32 billion bytes and received 23
> billion bytes. I have run Symantec Antivirus full scan with no results. I
> have run the latest Microsoft Malicious Software removal tool with no results.
> I ran Windows Defender with no results. I did a netstat on the machine and
> it has an open port to all of our client machines on our LAN. For some of
> the machines 2 or 3 ports. I am going to run a couple of rootkit detectors
> as well. Can I close the ports on the one client machine manually? If so
> how?
>
> Thanks,
>
> Steve
> --
> Steve
> Systems Administrator
> PSI

You could try using an application level firewall like ZoneAlarm. Also
check the ports it is using against some of the known ports and make
sure it's not some application installed or misconfigured that is
making the connections.
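
The replies above suggest tying the connections to a process and checking the ports against known ones. As an added example (not part of the original thread), this script parses saved `netstat -ano` output and reports any PID connected to several LAN hosts; the subnet, the sample rows, the threshold and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the site's client subnet

# Constructed `netstat -ano` sample; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.50:1041      192.168.1.11:445       ESTABLISHED     2284
  TCP    192.168.1.50:1042      192.168.1.12:445       ESTABLISHED     2284
  TCP    192.168.1.50:1043      192.168.1.12:139       ESTABLISHED     2284
  TCP    192.168.1.50:1044      192.168.1.13:445       SYN_SENT        2284
  TCP    192.168.1.50:1050      203.0.113.7:443        ESTABLISHED     1508
  TCP    192.168.1.50:3389      192.168.1.20:51515     ESTABLISHED     1100
  UDP    0.0.0.0:500            *:*                                    700
"""

# Small subset of well-known ports, used only to label the report.
KNOWN_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session",
               443: "HTTPS", 445: "SMB", 3389: "RDP"}

def parse_netstat(text):
    """Yield (remote_ip, remote_port, pid) for each TCP row that has a peer."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue  # banner, header, UDP rows (no State column), listeners
        host, port = f[2].rsplit(":", 1)
        host = host.strip("[]").split("%")[0]  # IPv6 brackets and scope id
        yield ipaddress.ip_address(host), int(port), int(f[4])

def lan_fanout(text, min_peers=3):
    """Map each PID talking to >= min_peers LAN hosts to {peer: [remote ports]}."""
    seen = defaultdict(lambda: defaultdict(set))
    for ip, port, pid in parse_netstat(text):
        if ip in LAN:
            seen[pid][str(ip)].add(port)
    return {pid: {ip: sorted(p) for ip, p in sorted(peers.items())}
            for pid, peers in seen.items() if len(peers) >= min_peers}

def describe(result):
    """Render one line per PID/peer pair with the remote ports labelled."""
    return [f"PID {pid} -> {ip}: " + ", ".join(
                f"{p} ({KNOWN_PORTS.get(p, 'unlisted')})" for p in ports)
            for pid, peers in result.items() for ip, ports in peers.items()]

if __name__ == "__main__":
    print("\n".join(describe(lan_fanout(SAMPLE))))
```

The PID column only appears when netstat is run with the `-o` switch; `tasklist /FI "PID eq <pid>"` then names the process behind a flagged PID.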


Posted by Lincoln De Kalb on May 13, 2007, 9:58 pm
You could also use TCPView from Sysinternals (now Microsoft). Though unless
you have a good understanding of what are "normal" processes you might be
overwhelmed.

>> Hi,
>>
>> I have a client machine that is constantly transmitting and receiving
>> bytes.
>> In the past day and a half it has sent 32 billion bytes and received 23
>> billion bytes. I have run Symantec Antivirus full scan with no results.
>> I
>> have run the latest Microsoft Malicious Software removal tool with no
>> results.
>> I ran Windows Defender with no results. I did a netstat on the machine
>> and
>> it has an open port to all of our client machines on our LAN. For some
>> of
>> the machines 2 or 3 ports. I am going to run a couple of rootkit
>> detectors
>> as well. Can I close the ports on the one client machine manually? If
>> so
>> how?
>>
>> Thanks,
>>
>> Steve
>> --
>> Steve
>> Systems Administrator
>> PSI
>
> You could try using an application level firewall like ZoneAlarm. Also
> check the ports it is using against some of the known ports and make
> sure it's not some application installed or misconfigured that is
> making the connections.
>


